Aco Data Use Agreement

If you are an organization that participates in the Medicare Shared Savings Program as the Medicare Accountable Care Organization (“ACO”), your ability to access Medicare patient data depends on the signing of the CMS Data Use Agreement (the “Data Use Contract”). Just as the companies, business partners and subcontractors involved should read and fully understand their BAAs, Medicare ACOS should ensure that they are aware of several provisions relating to the data usage agreement that are stricter than those normally contained in an BAA, which may come as a surprise. Here are ten provisions of the data usage agreement that are worth auditing if you are an ACO Medicare or another business partner or subcontractor, as they may very well reappear in one way or another in the “Super BAA” of the future: 3. The ACO cannot allow access to patient data unless it is approved by the CMS. 5. The ACO retains patient data (and all derivative data) only one year or up to 30 days after the conclusion of the objective stated in the data contract, according to the previous date, and the ACO must destroy the data and send a written confirmation of destruction to CMS within 30 days. 10. The ACO undertakes to report to CMS any breach of personal data from CMS data files, the loss of that data or communication to unauthorized persons by phone or email within one hour. Legitimate possibility of disabling the sharing of damage data. Notwithstanding THE legal authority of HIPAA to share data for health care purposes, CMS proposes to require the ACO to inform beneficiaries of the possibility that the ACO may request harm data about them if they do not object and to inform recipients of their ability not to share their protected health information with the ACO. The proposed rules state that beneficiaries must have a “reasonable means” of opting out. To be “useful,” cms indicates that the ability to decide whether the recipient`s detailed information can be disclosed allows for the response: (1) of each notice and the time it takes to make a decision; (2) obtain adequate information on the benefits and risks of providing data for proposed ACO uses; (3) not imposing consent; and (4) not to use the recipient`s choice to allow the shared use of his information for discriminatory purposes.